[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: separate sasl-secprops for different tansports

Hai Zaar wrote:

Why don't you just remove the SASL mechanisms you don't want? The SASL/EXTERNAL will always be there
Does not look like that - if I set "sasl-secprops
noanonymous,noplain,noactive" then heimdal-kdc, which uses
SASL/EXTERNAL over slapi fails to connect (removing 'noactive' solves

You're missing the point. Leave the sasl-secprops at their default setting and just remove the modules for the SASL mechanisms that you don't want to allow.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/